Added Encrypted option using JSON Web Tokens #166

Closed
wants to merge 3 commits into from

@ashutoshpw
commented Sep 6, 2019

Added an option to use secret email addresses in the repository.
Also, the open version of the TXT records will break.

So, people who have no problem with their public address being public can use it as it is.
And people who want to hide their forwarding address can use the following TXT record:

forward-email-hashed=TOKEN_GENERATED

If we agree to use this JWT token, I will also write to the script to generate tokens as well

ashutoshpw added 3 commits Oct 22, 2018
Added Encrypted Feature using JWT Token
In your .env file, add 
JWT_SECRET=<ANY_RANDOM_STRING>

To generate secure tokens, there should be a separate endpoint.
@niftylettuce

Owner

commented Sep 6, 2019

Thank you for this PR - I already have something similar to this using better encryption though. I will keep you posted as soon as it's released.

@tracker1

commented Sep 6, 2019

JWT isn't usually encrypted. It includes a signed hash; you can usually look at the body of the token by decoding the base64 for that part.

In the browser console:

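let token = `PASTE_HERE`;
let tparts = token.split('.');
// JWT segments are base64url ('-' and '_'); map them to standard base64 before atob()
let b64 = (s) => s.replace(/-/g, '+').replace(/_/g, '/');
let theader = JSON.parse(atob(b64(tparts[0])));
let tclaims = JSON.parse(atob(b64(tparts[1])));
console.log({ theader, tclaims });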

NEVER put secrets (passwords, etc) in your JWT claims.
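
The point made in the comment above, applied to the proposed `forward-email-hashed` TXT record, as an added Node.js example that is not code from this PR or from the project. The claim name `forward`, the secret value and the address are constructed assumptions.

```javascript
// Added example: HS256 JWT built with Node's crypto module (no JWT library).
const { createHmac, timingSafeEqual } = require('crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Sign header.payload with HMAC-SHA256. This adds integrity, not secrecy.
function signJwt(claims, secret) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify(claims));
  const sig = createHmac('sha256', secret).update(`${header}.${payload}`).digest();
  return `${header}.${payload}.${b64url(sig)}`;
}

// What anyone who can query the TXT record can do: read the claims with no key.
function readClaimsWithoutSecret(token) {
  return JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString('utf8'));
}

// What only the secret holder can do: check that the token was not altered.
// The algorithm is fixed to HS256 here; the header's "alg" field is never trusted.
function verifyJwt(token, secret) {
  const parts = token.split('.');
  if (parts.length !== 3) return false;
  const expected = createHmac('sha256', secret).update(`${parts[0]}.${parts[1]}`).digest();
  const given = Buffer.from(parts[2], 'base64url');
  return given.length === expected.length && timingSafeEqual(given, expected);
}

// Constructed sample values (assumptions, not taken from the PR).
const JWT_SECRET = 'constructed-demo-secret';
const token = signJwt({ forward: 'private.inbox@example.com' }, JWT_SECRET);
const txtRecord = `forward-email-hashed=${token}`;

// A DNS observer takes the value from the public TXT record and decodes it.
const observed = readClaimsWithoutSecret(txtRecord.slice(txtRecord.indexOf('=') + 1));
console.log('claims readable without JWT_SECRET:', observed);
console.log('signature valid with JWT_SECRET:', verifyJwt(token, JWT_SECRET));
```

The forwarding address is recovered from the published record without `JWT_SECRET`; the secret only lets the server detect a modified token.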
